Step 2: Create an IAM role and attach your IAM policy
This step assumes that you have created the IAM policy in Step 1: Create an IAM policy. In this step, you create an IAM role for your RDS for Db2 DB instance and then attach your IAM policy to the role.
You can create an IAM role for your DB instance by using the AWS Management Console or the AWS CLI.
To create an IAM role and attach your IAM policy to it (console)
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, choose Roles.
- Choose Create role.
- For Trusted entity type, select AWS service.
- For Service or use case, select RDS, and then select RDS – Add Role to Database.
- Choose Next.
- For Permissions policies, search for and select the name of the IAM policy that you created.
- Choose Next.
- For Role name, enter a role name.
- (Optional) For Description, enter a description for the new role.
- Choose Create role.
To create an IAM role and attach your IAM policy to it (AWS CLI)
- Run the create-role command. In the following example, replace iam_role_name with a name for your IAM role.

  For Linux, macOS, or Unix:

    aws iam create-role \
        --role-name iam_role_name \
        --assume-role-policy-document '{
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": "rds.amazonaws.com" },
              "Action": "sts:AssumeRole"
            }
          ]
        }'

  For Windows:

    aws iam create-role ^
        --role-name iam_role_name ^
        --assume-role-policy-document "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"rds.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}"

- After the role is created, note the ARN of the role. You need the ARN for Step 3: Add your IAM role to your RDS for Db2 DB instance.
- Run the attach-role-policy command. In the following example, replace iam_policy_arn with the ARN of the IAM policy that you created in Step 1: Create an IAM policy. Replace iam_role_name with the name of the IAM role that you just created.

  For Linux, macOS, or Unix:

    aws iam attach-role-policy \
        --policy-arn iam_policy_arn \
        --role-name iam_role_name

  For Windows:

    aws iam attach-role-policy ^
        --policy-arn iam_policy_arn ^
        --role-name iam_role_name
For more information, see Creating a role to delegate permissions to an IAM user in the IAM User Guide.
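The trust policy passed to create-role decides who can assume the role, so it is worth checking that a role's trust policy still matches the one shown above. The following is an added example, not part of the original documentation: the function and constant names are hypothetical, the sample policies are constructed, and the input is assumed to be the JSON returned by `aws iam get-role --role-name iam_role_name --query Role.AssumeRolePolicyDocument`.

```python
import json

RDS_PRINCIPAL = "rds.amazonaws.com"   # service principal from the page's trust policy
ASSUME_ACTION = "sts:AssumeRole"      # action from the page's trust policy

def _as_list(value):
    """IAM JSON allows a single value or an array in these positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(document):
    """Return a list of findings; an empty list means the policy matches the page."""
    policy = json.loads(document) if isinstance(document, str) else document
    findings = []
    statements = _as_list(policy.get("Statement"))
    if not statements:
        findings.append("no statements")
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen who may assume the role
        if "NotPrincipal" in stmt or "NotAction" in stmt:
            findings.append(f"statement {i}: NotPrincipal/NotAction widens the trust")
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append(f"statement {i}: wildcard principal")
        elif isinstance(principal, dict):
            for kind, values in principal.items():
                for value in _as_list(values):
                    if kind != "Service" or value != RDS_PRINCIPAL:
                        findings.append(f"statement {i}: unexpected principal {kind}={value}")
        else:
            findings.append(f"statement {i}: missing or malformed principal")
        for action in _as_list(stmt.get("Action")):
            if action != ASSUME_ACTION:
                findings.append(f"statement {i}: unexpected action {action}")
    return findings

# Constructed samples: the page's policy, and a loosened variant for contrast.
PAGE_POLICY = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": "rds.amazonaws.com"}, "Action": "sts:AssumeRole"}]}'''
LOOSE_POLICY = {"Version": "2012-10-17", "Statement": {"Effect": "Allow",
    "Principal": {"Service": ["rds.amazonaws.com", "ec2.amazonaws.com"],
                  "AWS": "*"}, "Action": ["sts:AssumeRole", "sts:TagSession"]}}

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("loose", LOOSE_POLICY)):
        print(name, audit_trust_policy(doc) or "OK")
```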